So, people from within Iran have hacked the Dutch company DigiNotar, allowing them to issue fake certificates so they could listen in on Iranian dissidents and other organisation within Iran. This is a very simplified version of the story, since it's all quite complicated and I honestly don't even understand all of it. In any case, DigiNotar detected the intrusion July 19, but didn't really do anything with it until it all blew up in their face this past week. Now, the Dutch government has taken over operational management of DigiNotar... But as a Dutch citizen, that doesn't really fill me with confidence, because, well - whenever the Dutch government does anything even remotely related to IT technology, they mess it up. And mess it up bad.

"Given the current system that we have, the best bet is to restrict the number of CA's that you trust."

Well yes, but that only applies to what you can control. There are problems with managing CA's personally:

1. As a website owner, your choice of CAs doesn't increase your security. The authentication of your website is validated by the list of CAs in your user's web browsers.

2. As a user, it's reasonable to want to trust only specific CAs where I can attest to their security. However in reality real websites will use CAs who's security I cannot attest to. So, this may not be an option.

2b. Obviously you're talking about blacklisting a select group rather than whitelisting a select group. But the problem remains that you are trusting CAs who's security procedures haven't really been attested to and could in fact be as bad as DigiNotar.

I'm not even sure how bad DigiNotar's procedures actually were. All CAs are vulnerable to things like zero day exploits and disgruntled employees even when they do follow best practices.

1) As a website owner, you choose a CA that is used by large companies that your customers would want to use. If they are likely to trust those large websites, they'll be likely to trust al certs signed by the same CA.

2) As a website user, the number of SSL enabled sites that I use are limited to a few, those few do use reputable large CA's. Its actually quite easy, and with minimum side effects. If a site is signed with a ca root you do not allow, you examine the cert closely and determine if its really worth the effort to verify the identity of the website or to use a different website that provides the same features.

2b) Yes, this may be trusting CA's that have just as poor security as DigiNotar's, but reducing the number of ones that you do trust reduces your vulnerabilities, I think. In any case there are CA's that are trusted by browser makers, that I do not trust who also do not sign any certs of any of the websites I use over SSL. Removing them is an obvious choice.

1 - I think you missed my point. A bank/commerce site can choose whatever CA they want, but it doesn't matter when 99% of their customers (purely made up) have default CAs in their browsers. It may not be the site's fault, but users are never the less vulnerable through the weakest CAs in their browser. There is absolutely nothing you can do as a website owner to protect your users.

2 - That's quite a hassle. Even for people who have the extra time and expertise to do it, it's bad that they'd need to give up their online choices due to shortcomings of HTTPS.

2b - Even if we assume that it's possible to audit the internal security of a CAs in a comparatively meaningful way, that knowledge is not really public. I certainly can't tell if vendor X is more secure than vendor Y, so on what basis should I white/black list them? Popularity?

So, I don't think it's reasonable or helpful to ask normal users to manage their own CAs. If anything, CAs should be licensed and audited to ensure some kind of compliance with security protocols. Better yet, transition to technologies which take third party CAs out of the loop.

Edit: I guess another possibility would be to change HTTPS validation to require two valid certificates from two independent CAs. This would significantly reduce the attack windows when one CA is compromised.

This would be pretty good from a security robustness standpoint...I don't think it'd be popular though.